Open Positions

GRC Specialist

 

We’re looking for a GRC Specialist to join Global-e’s cyber security department and manage Global-e’s governance, risk and compliance (GRC) aspects from the ground up. Build GRC processes, implement new procedures and maintain technology systems to support GRC.

Responsibilities:

  • Lead our compliance operations and audit plans including ISO 27001, SOC2, SOC3 and PCI-DSS.
  • Conduct risk assessments on systems, processes and vendors, and maintain a security maturity program.
  • Design and maintain security methodologies, policies and procedures including exceptions and suggestions for corrective actions.
  • Be in charge of third-party risk management (TPRM).
  • Plan, design and implement GRC tools.
  • Plan, design and implement continuous compliance.
  • Support sales teams, enabling them to respond to customer and prospect questionnaires and RFPs.

 

Requirements

  • 3 years of experience in a GRC role
  • At least 1 year of experience in information security, risk management, privacy, and compliance.
  • Strong understanding of information security and privacy frameworks and regulations, such as ISO 27001, SOC 2, GDPR, NIST and PCI-DSS.
  • Experience in leading at least one of the following audits: ISO 27001, PCI-DSS, SOC 2, including evidence collection and reporting.
  • Strong technical background in IT and Cloud – an advantage.
  • Knowledge of risk assessment methodologies.
  • Experience in the assessment of existing security controls and defining new controls and solutions.
  • Strong oral and written communications and presentation skills.
  • Relevant security and development certifications (QSA, Lead auditor, CISM, CISSP, OSCP, CEH) – an advantage.
  • Experience in GRC frameworks and operating modern systems in a fast-paced, rapidly evolving company environment.
  • Experience working in a global environment.
  • Fluent English – Must.